- Published: January 24, 2017
Often when developing apps with Flask we need to set up environment variables to keep sensitive information secure and out of version control.
This article describes how to set up environment config variables in Flask with python-dotenv and why we can’t rely in Flask’ instance folder.
dotenv versus instance folders
Flask introduces the concept of instance folder, designed to store sensitive information like credentials and passwords for your local environment, the main problem is that it can’t work with ephemeral filesystems like the one Heroku uses.
In this case the perfect fit for this is to use python-dotenv, so we
define environment config variables in Heroku and locally we put them
First we install it with pip install -U python-dotenv
$ pip install -U python-dotenv Collecting python-dotenv Downloading https://files.pythonhosted.org/packages/24/3d/977140bd94bfb160f98a5c02fdfbb72325130f12a325cf993182956e9d0e/python_dotenv-0.9.1-py2.py3-none-any.whl Installing collected packages: python-dotenv Successfully installed python-dotenv-0.9.1
We add the new package to the requirements file.
$ pip freeze > requirements.txt
We make sure that we won’t add it to the source code version control
adding it to
$ echo ".env" >> .gitignore
Add variables to
.env, optionally copy all the environment variables
from your heroku app to have this as a skeleton to fill with local
$ heroku config -s >> .env
or simply add them manually to
.env, for example:
use the new environment variables
Now we can use this environment variables in our Flask app.
Having the following typical structure:
myapp .env myapp __init__.py myapp.py
I like to initialize my app in
/myapp/__init.py__, but it should be
the same if you add this to
import os from flask import Flask from dotenv import load_dotenv #... # load dotenv in the base root APP_ROOT = os.path.join(os.path.dirname(__file__), '..') # refers to application_top dotenv_path = os.path.join(APP_ROOT, '.env') load_dotenv(dotenv_path) tw_consumer_key = os.getenv('TWITTER_CONSUMER_KEY')
I find it useful to use
dotenv for sensitive variables and custom
paths, and maintain other variables in version control separated by
server, like development, testing or production.